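# Manages staff accounts (User records) and the signed-in user's own profile.
#
# Authorization is delegated to CanCanCan via load_and_authorize_resource:
# member actions receive @user already loaded and authorized against the
# current ability. The self-service actions (profile / update_profile) always
# operate on current_user and use a narrower attribute allowlist than the
# administrative actions, so users cannot change their own role.
class StaffsController < ApplicationController
  # before_action :set_user, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource :user, parent: false

  respond_to :html, :json

  # Lists users, filtered by the Ransack query in params[:q] and paginated.
  #
  # NOTE(review): params[:q] is client-controlled. Ransack can search any
  # attribute/association the model exposes as ransackable, so User should
  # allowlist searchable columns (ransackable_attributes) to keep credential
  # or token columns from being probed through search predicates.
  # NOTE(review): the query starts from User, not from the collection CanCanCan
  # loads for this action, so ability-based record scoping is not applied
  # here - confirm that every role allowed to reach index may see all users.
  def index
    @q = User.ransack(params[:q])
    @users = @q.result.page(params[:page])
    respond_with(@users)
  end

  # Shows a single user (loaded and authorized by CanCanCan).
  def show
    respond_with(@user)
  end

  # Renders the form for creating a staff account.
  def new
    @user = User.new
    @form_url = staffs_path
    respond_with(@user)
  end

  # Renders the edit form; @user is supplied by load_and_authorize_resource.
  def edit
  end

  # Creates a staff account from the administrative allowlist (user_params).
  def create
    @form_url = staffs_path
    @user = User.new(user_params)
    if @user.save
      redirect_to staffs_url
    else
      render :new
    end
  end

  # Updates a staff account from the administrative allowlist (user_params).
  def update
    if @user.update(user_params)
      redirect_to staffs_url, notice: '保存成功'
    else
      render :edit
    end
  end

  # Deletes the user loaded by CanCanCan.
  def destroy
    @user.destroy
    respond_with(@user)
  end

  # Renders the password-change form for @user.
  def password
  end

  # Changes @user's password.
  #
  # Only the password fields are accepted: an ability that grants
  # :update_password must not also allow rewriting email or role through the
  # same request. On failure the form is re-rendered; the original left this
  # branch empty, so a failed update had no explicit response.
  def update_password
    if @user.update(password_params)
      redirect_to staffs_url, notice: '保存成功'
    else
      render :password
    end
  end

  # Renders the signed-in user's own profile form.
  def profile
    @form_url = update_profile_staffs_path
    @user = current_user
  end

  # Updates the signed-in user's own profile.
  #
  # Uses profile_params rather than user_params: the administrative allowlist
  # permits :role, which would let any signed-in user raise their own
  # privileges by adding user[role] to the request (mass assignment).
  def update_profile
    @form_url = update_profile_staffs_path
    @user = current_user
    if @user.update(profile_params)
      redirect_to profile_staffs_url, notice: '保存成功'
    else
      flash.now.alert = '保存失败'
      render :profile
    end
  end

  private
    # Loads the user named by params[:id]. Currently unused: the before_action
    # that referenced it is commented out in favour of CanCanCan loading.
    def set_user
      @user = User.find(params[:id])
    end

    # Administrative allowlist, used when staff manage other accounts.
    # Includes :role, so it must never be applied to self-service updates.
    def user_params
      params.require(:user).permit(:email, :password, :password_confirmation, :role, :name, :phone, :wechat)
    end

    # Self-service allowlist: same fields as user_params minus :role.
    def profile_params
      params.require(:user).permit(:email, :password, :password_confirmation, :name, :phone, :wechat)
    end

    # Allowlist for password changes: the credential fields only.
    def password_params
      params.require(:user).permit(:password, :password_confirmation)
    end
end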
